
Cyber Operations

Caleb Rhody
Overview

Introduction of Project
Shadowing Experience
Presentation of Product
Closing
Questions
Choosing an Area of Expertise

I have been interested in technology and computers for about 4 years.
Started to be interested in just hacking.
Then moved on to more of the malware analysis.
Choosing a Research Topic

While I was shadowing I got to listen in on a call from Trend Micro about new products that automate some of the security tools located at BIT.
So I looked at methods on how to automate the process of detecting, finding, and evaluating threats.
Shadowing Experience
Definitions

Obfuscation is the willful obscuring of the intended meaning of communication, usually by making the message confusing, ambiguous, or difficult to understand.
Exploit Kit (EK) is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client.
Malware is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
JavaScript (JS) is a high-level, dynamic, untyped, and interpreted programming language.
VBScript (VBS) is an Active Scripting language developed by Microsoft that is modeled on Visual Basic.
Definitions Part 2

Example of Obfuscation. [Figure: Before / After]
Static Analysis: examining the code without executing the program.
Who?, Where?, Why?

Who:
(BIT) Bureau of Information and Telecommunications
Where:
Located in Pierre, SD and Sioux Falls, SD
4001 Valhalla Blvd, Suite 201, near the Empire Mall
Why:
Not too many places to look in South Dakota for this.
Shadowing Day 1

Showing me tools and software.


Showed how some forensics tools and software.
JavaScript static analysis.
Showed how Microsoft Word Macros can be used to hide files or download them.
Shadowing Day 2

VBS obfuscation and static analysis of Microsoft Word Macros.
Examining PDF files for malicious content.
Looked through QRadar for exploit kits (Magnitude, Rig).
Listened in on a phone call with Trend Micro (a known antivirus company).
Shadowing Day 3-4

Day 3:
Checked out the Sundown Exploit Kit and did static analysis.
Day 4 (Last Day):
Listened in on a staff meeting with everyone from our office and the one in Pierre, SD.
My Product
Mercury Administration

Mercury is an administration tool which can be used by parents, schools, law enforcement, and employers.
Captures and logs keystrokes and sends them to a remote server.
Written in C++; also contains files for installation and deployment.
Similar idea to LanSchool.
What is it used for?

Parents and schools can use it to monitor their children's online activity.

Law enforcement may use it to analyze and track incidents linked to the use of personal computers.

Employers can make sure their employees are working instead of surfing the web all day.
Conclusion
Future Plans

Dakota State University
Cyber Operations
Special Thanks To

Nicholas Penning and all the other members at BIT
Mr. Rudebusch
Panel Members
Questions?
